Are security loopholes leaving your organisation vulnerable?

Being considered a trustworthy brand that customers will willingly share their private data with requires transparency, accountability and careful application of data protections. That’s why audits aren’t the only reason organisations should be actively looking for and closing the gaps in the security of their data. Recent controversies from major brands, including Facebook and TikTok, with the resulting negative media attention and potential legal actions serve as lessons both to consumers and businesses to step up their data protections and close security loopholes.

When it comes to finding the source of potential security breaches, it’s important to investigate every aspect of the way data is collected, stored, secured and destroyed within an organisation. A reliance on paper-based documentation opens up security gaps because of the accessible, easy to lose/misplace/misfile/accidently spill coffee on nature of paper. Whilst we’ve cut back on printing and photocopying, many organisations still rely on printed faxes, which opens up a significant security risk.

Why are paper-based faxes an issue?

While they’re lauded as being more secure than emails due to the way information is transmitted, faxes printed by fax machines and multifunction printers in office environments can be picked up and read by anyone passing by. They open up the potential for privacy breaches whenever they’re received. Manual handling processes means faxes need to be printed, collected, allocated, actioned, stored and destroyed. Each of these overlapping processes and systems contain potential for unauthorised viewing, sharing and insecure destruction of confidential information.

When faxes are sent and received, critical information is stored, either on the hard drive of the fax machine, multifunction printer, or on the fax server. This data is often overlooked when machines are replaced, or data removed from fax servers to make room for new data.

As staff move between worksites or working remotely from home or a shared office space—it’s nearly impossible to track who has taken which bits of paper with them and what they had with them if a critical folder or laptop bag gets lost along the way. Working remotely also means they lose access to the onsite fax machines in the office.

What else is at stake?

It can feel like we’re living in uncertain times, especially as workplaces stand with one foot in the traditional paper-based office settings and the other hovering in the exciting potential of digital work. Merging the way we’ve always worked with modern threats requires savvy communication and storage of data to protect our workplaces from threats like cyber-attacks and hacking of email servers. As we’ve seen with the increase in natural disasters, such as floods and bushfires or a health pandemic like COVID-19, staff can be thrown into disarray if they’re overly reliant on accessing printed materials and physical hardware at the office.

As Australia rolls out the national broadband network over the next few years, organisations will be increasingly required to consider how they can embrace the digital revolution and take the opportunity to overhaul their existing systems for more secure and reliable processes that can grow flexibly with them.

How can we transfer large files, sensitive data and documents securely?

As our digital capabilities grow, it’s easier than ever to send and share large files across worksites and organisations. Although online sharing systems like Dropbox and Google Drive are free and allow users to share large files easily, they’re vulnerable to cyber threats from hackers, don’t allow data to be encrypted and are limited in the security and tracking of documents. Also, access is simple to share beyond authorised users.

Cloud faxing provides an alternative for workplaces looking for a secure and reliable platform to safely share documents. Cloud faxing allows people to send documents to a fax number, as they usually would, but the document is received within a secure fax system. Users are alerted by email when a new fax arrives and can log in and access the document via the secure portal. Documents can be sent and received from any phone, computer or device, permitting users to access, sign, send and retrieve faxes through their existing email systems wherever they are in the world.

How can you protect privacy in your organisation?

Data privacy is everyone’s responsibility; however, staff need to be given clear information on the way that the organisation collects, stores, uses and destroys sensitive material. Having a nominated privacy officer who’s responsible for knowing which legalisation applies to your organisation, being able to interpret the legislation and translate that into policies and processes is critical.

The Privacy Act 1988 is the key legislation governing how information is handled in Australia. It covers how information is stored, used, collected and disclosed by organisations. Organisations working with clients from overseas are also bound by international legislation, such as the General Data Protection Regulation (GDPR) that regulates EU privacy laws.

Workplaces implementing easy to navigate, streamlined systems that centralise processes and reduce duplications will find it much simpler to adapt to the inevitable changes in technology and legislation over time. Having a scalable system for managing data flow is also a critical step in ensuring that security issues don’t emerge when organisations grow rapidly.

Whenever we expect customers to share personal data, there’s an obligation to ensure that the data is protected and used in accordance with legislation. Having clear policies and processes for collecting, storing and sharing data at every step of the communication channels, both internally and externally, is essential to protecting the reputation and trust you’ve worked so hard to gain from customers. Switching to more secure cloud-based data management systems will give organisations the peace of mind that they’re always going to be one step ahead of potential security threats and are able to easily scale and grow with confidence.

Image credit: ©stock.adobe.com/au/VideoFlow